The CyberWire Daily Briefing for 7.22.2013
Officials in the United Arab Emirates report detecting and stopping attacks originating from Egyptian ISPs, evidently the work of hacktivist supporters of deposed President Morsi disgruntled by Emirati coolness toward the former regime.
The Syrian Electronic Army returns with an attack against California-based mobile messaging service Tango.
Chinese government cyber operations turn against Falun Dafa activists and neighboring nations' militaries. Huawei, facing security investigations in the UK, unconvincingly seeks to dismiss former US DCI Michael Hayden's warnings about the company's alleged espionage as mere shilling for Motorola.
Black Hat opens this coming weekend, and researchers have begun to preview vulnerabilities. Among the most interesting reports is Security Research Labs' discovery of significant vulnerabilities—involving weak encryption—in SIM cards. Other researchers will describe vulnerabilities in security devices.
Ubuntu Forum was hacked over the weekend, and essentially all registered users' credentials have been exposed. Canonical advises users to change passwords immediately.
Apple's Development Center was also shut down late last week due to the activities of an "intruder." (A Turkish grey hat claims to be that intruder. He says he meant no harm and was only trying to report bugs.)
Quantum Dawn 2 is over, with the results of the financial industry's cyber drill expected to become public in a few weeks. Meanwhile South Korean researchers conduct a similar exercise to improve the security of that country's markets.
The US Congress continues its increasingly frosty assessment of NSA surveillance activities. More Australian, Canadian, and German cooperation with NSA comes to light.
Today's issue includes events affecting Australia, Canada, China, Egypt, Finland, Germany, Kenya, Republic of Korea, Lithuania, Pakistan, Saudi Arabia, Spain, Syria, Turkey, United Arab Emirates, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
UAE foils cyber attack originating in Egypt (Emirates 24/7) The UAE's Telecommunications Authority (TRA) on Sunday said it had successfully thwarted Egypt-originated attempts by cyber-hackers to damage some government electronic sites on Friday
U.A.E. Thwarts Cyber-Attack Attempts on Government Websites (Bloomberg) The United Arab Emirates, the second-largest economy in the Middle East, fought off a series of cyber-attacks later traced to Egypt
Mobile Messaging Service Tango Hacked by Syrian Electronic Army (Hack Read) The Syrian Electronic Army has breached the official website of Tango (Tango.me), a popular mobile messaging service based in Mountain View, California. The hack was announced by the hackers on their official website, according to which the hackers have allegedly downloaded 1.5 TB of daily backups including usernames, emails, addresses along with other contact details of site's users and subscriber sent
China Implicated In Zero-Day Attacks On Falun Dafa And Military Groups (TechWeekEurope UK) Cyber Repression: Zero-day malware has been seen targeting a wide range of groups in China, including activists supporting the Falun Dafa and military groups in nearby nations, TechWeekEurope can exclusively reveal. The ongoing campaign appears to
SIM Cards Have Finally Been Hacked, And The Flaw Could Affect Millions Of Phones (Forbes) Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there's still one part of your mobile phone that remains safe and un-hackable: your SIM card
Rooting SIM cards (Cyberwarzone) SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets
UN warns 500 million sim cards vulnerable to hackers (Reuters via Times of India) A United Nations group that advises nations on cybersecurity plans to send out an alert about significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion phones. The bug, discovered by German firm, allows hackers to remotely gain control of and also clone certain mobile sim-cards. Hackers could use compromised sims to commit financial crimes or engage in electronic espionage, according to Berlin's Security Research Labs, which will describe the vulnerabilities at the Black Hat hacking conference that opens in Las Vegas on July 31. The UN's Geneva-based International Telecommunications Union, which has reviewed the research, described it as "hugely significant"
How your sim card may be putting your phone at risk of hacking (Firstpost) Millions of mobile phones may be vulnerable to spying due to the use of an outdated 1970-era cryptography technique, according to a new research. The research, due to be presented at an upcoming Black Hat security conference in the US, cites phones
Hack exposes e-mail addresses, password data for 2 million Ubuntu Forum users (Ars Technica) Ubuntu maintainer Canonical exhorts users to change passwords immediately. E-mail addresses, user names, and password data for every registered user of the Ubuntu Forums—estimated to be 1.82 million accounts—were exposed in a security breach hitting the company responsible for maintaining the freely available, open-source operating system. There's no sign the compromised data has been published online
Gun–wielding penguin takes over Ubuntu Forums, waves AK–47 at Linux users everywhere (Naked Security) Ubuntu Forums has been hacked. As well as leaving behind an AK-waving penguin, the hackers also took away millions of usernames, email addresses and password hashes
Apple takes Dev Center down for days, finally admits, "We got owned!" (Naked Security) Cynics speculated that recent "extended maintenance" on Apple's Developer Center was really shorthand for "we got owned." Apple has finally come out and admitted it
Apple blames days-long Developer Center outage on "intruder" (Ars Technica) Developers' names, mailing, and e-mail addresses "may have been accessed"
Researcher says he didn't hack Apple's Developer site to harm anyone (C/NET) A security researcher believes he's the reason Apple shut down its Developer Center but claims he was simply reporting a bunch of bugs
UPDATE: Turkish hacker posts video of Apple Dev Centre breach (ITProPortal) Apple has taken its developer website offline after a hacker attempted to steal personal information from its database
Bitdefender finds cracks in Apple's walled garden (CSO) After analyzing more than half a million free apps on both platforms over the last year, Bitdefender found "applications are equally invasive and curious on iOS as on Android, even though one may argue that one of the operating systems is safer"
Compromised Sites Conceal StealRat Botnet Operations (TrendLabs Security Intelligence Blog) Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in their spam and module architecture whereas Pushdo made use of decoy network traffic. Recently, we have discovered a new simple method used by a spam botnet we named StealRat. It consists of 3 essential things: Compromised website for sending spam; Compromised systems for harvesting and delivering the spam data; Compromised website for delivering the payload
BlackBerry Responds to Claims Private Email Credentials Stored by RIM (Threatpost) BlackBerry is refuting a claim made by a German researcher that private email credentials are sent by the new BlackBerry 10 mobile devices to the company without consent, possibly in the clear, and that they're also stored without permission
Exploiting Security Devices? Oh, the Irony (eSecurity Planet) Enterprises spend millions every year on security appliances intended to secure their networks. Yet many of those devices are themselves not secure
Major vulnerabilities in office security and RFID systems (Help Net Security) At the Black Hat conference in Las Vegas, researchers will reveal critical vulnerabilities in many of the world's most widely-used building security systems and RFID‑based badging systems
Hijacking connected cars with a $25 tool (Help Net Security) A presentation by two Spanish researchers scheduled to take place later this month at the Black Hat conference in Las Vegas will apparently prove that hijacking modern cars via electronic means is not only easy, but cheap to execute as well
Rogue ads targeting German users lead to Win32/InstallBrain PUA (Potentially Unwanted Application) (Webroot Threat Blog) German Web users, watch what you install on your PCs! Our sensors just picked up yet another rogue/deceptive ad campaign enticing visitors to install the bogus PC performance enhancing software known as 'PCPerformer', which in reality is a Potentially Unwanted Application (PUA), that tricks users into installing (the Delta Toolbar in particular) on their PCs
Website of Tameer Microfinance Bank Pakistan Hacked and Defaced by PakBugs (Hack Read) Two Pakistani hackers going with the handle of Xploiter and Dr.Freak from PakBugs hacking group have hacked and defaced the official website of Tameer Microfinance Bank (TMFB) which is Pakistan's Largest and the first private commercial Microfinance bank. Hackers left their deface page along with a message on the hacked website which shows the reason for attacking bank site is actually a cyber law act which
Yet another commercially available stealth Bitcoin/Litecoin mining tool spotted in the wild (Webroot Threat Blog) Cybercriminals continue releasing new, commercially available, stealth Bitcoin/Litecoin mining tools, empowering novice cybercriminals with the ability to start monetizing the malware-infected hosts part of their botnets, or the ones they have access to which they've purchased through a third-party malware-infected hosts selling service
Finnish online petition database has been hacked (Cyberwarzone) Finnish online petition site Adressit.com database has been hacked. The attackers have captured hundreds of e-mail addresses and passwords
4chan Launches Cyber Attacks in Protest of Anti-Piracy Efforts (Executive Biz) Members of 4chan this past weekend launched DDoS attacks against the Motion Picture Association of America and the Recording Industry Association of America in retaliation for hiring a software firm to act as cyber hitmen to take down websites hosting illegal movies, Panda Security reports
Where is my data? When hosting providers go away (Internet Storm Center) Most of us host part or maybe even all of our infrastructure at hosting providers. They provide you with floor space, rack space, or in cloud environments with platforms and software for you to use. As with all of these solutions there are pros and cons to having your hardware hosted. In cloud environments the hardware and often software typically belongs to the provider and only the data belongs to you. What could go wrong
Mercenary Hackers Will Turn The Internet Into Afghanistan-Like 'Warzone' (Business Insider Australia) A "zero day" exploit is a cyber vulnerability that no one has seen yet in "the wild," meaning on the web, in either forums or in action against targets. Lately, these zero days are going for more and more money. Business Insider recently talked to
Refocusing the private sector cybersecurity mindset (Washington Times) A report this past week surveying clients reveals some startlingly dismal numbers on the breadth and increasing scope of cyber attacks. The report was issued by Prolexic Technologies, a Florida-based technology provider of distributed denial of service protection services
Biggest security issue is perception that we can't win (FierceCIO: TechWatch) One on one with Tenable CEO Ron Gula: Basic guidelines and continuous monitoring yield better risk management. It seems like every other day now we either hear about the discovery of another software vulnerability, or of a new security compromise in a large organization. So is there any way at all that hackers can be kept out of corporate networks
Samsung's potential government deal signals new era for mobile security (CSO) Samsung may be ready to sign deals with the FBI and the U.S. Navy. Analysts say the news is proof that mobile in the enterprise has arrived. But what does this mean for IT operations
Huawei's Chinese connection continues to be source of suspicion (Help Net Security) A day after it was announced that the UK government will investigate the employees at the Huawei's Cyber Security Evaluation Center located in Banbury, Oxfordshire, retired US general and former NSA and CIA director Michael Hayden has said the US intelligence agencies have proof that the company has been aiding cyber espionage efforts of the Chinese government
Does Michael Dell still have the upper hand? (FierceFinance) The interesting thing about the on-going battle for Dell is that things haven't changed all that much, despite a lot of drama
Products, Services, and Solutions
Mechanic by Bitdefender 1.1 (PC Advisor) Mechanic offers something different, however, as Bitdefender appears to be dabbling in the system utilities market. It offers four basic functions: free up unused memory, see which apps are unstable, discover which programs are out of date and perform
Microsoft's Surface Pro beats Apple's iPad in security, says law firm (FierceMobileIT) Microsoft's (NASDAQ: MSFT) Surface Pro does a better job with data security and confidentiality, as well as computing power, than Apple's (NASDAQ: AAPL) iPad, judged Marcus Bluestein, chief technology officer, and Nina Lukina, business analyst, at the law firm of Kraft & Kennedy
Technologies, Techniques, and Standards
Tech Insight: Protecting Against Risks Posed By Anonymization Tools (Dark Reading) Snowden and NSA concerns are causing more users to seek anonymization and encryption tools that could cause security headaches for enterprises. The news about Edward Snowden and the NSA's PRISM program has generated an increased interest around encryption and anonymizing tools. More and more people are interested in covering their tracks and making sure that the "watchers" can't watch them. Sites like PRISM-break.org are encouraging the use of nonproprietary Web browsers and anonymizing tools like Tor. While these things are great for personal use, they can cause security issues for enterprises
Four steps for denying DDoS attacks (Cyberwarzone) Financial institutions have been battling waves of large distributed denial of service attacks since early 2012. Many of these attacks have been the work of a group called the Qassam Cyber Fighters, which until recently posted weekly updates on Pastebin about the reasons behind its attacks, and summarising Operation Ababil, its DDoS campaign
Why iOS jailbreak detection is a fundamentally flawed security process (SC Magazine) I was recently speaking with a company about their concerns regarding security and the topic of jailbreak detection came up. Clearly the person I was speaking with considered jailbreak detection to be an important line of defence against attack. Of course, as the article title implies, I disagree
DHS' Senior Cyber Strategist on How to Build an Effective Cyber Risk Culture (HSToday) In a discussion initiated by Tom Finan, Senior Cybersecurity Strategist and Counsel at the Department of Homeland Security (DHS) on Homeland Security Today's LinkedIn group, Finan said, "As a follow up to the Cybersecurity Insurance Workshop Readout
South Korea confronts uphill battle against hackers (Korea Herald) Seoul maps out plan to beef up cyber security amid a rising wave of hacking attempts from North Korea and China. How long does it take for hackers to break into the secure network of a commercial bank in South Korea
Big banks undergo pseudo cyber attack test (Housing Wire) Big banks undergo pseudo cyber attack test. The government recently ran a drill cyber attack called quantum dawn in order to test the security strength of approximately 40
Cyber drills like Quantum Dawn 2 vital to security in financial sector (Computerworld) "This exercise gave participants the opportunity to run through their crisis response procedures, practice information sharing and refine their protocols relating to a systemic cyber attack." SIFMA will review the results of the cyber exercise with its
Research and Development
How Ford plans to bring cars into the 'Internet of things' (VentureBeat) This sponsored post is produced in conjunction with Ford. Ford's director of technology Vijay Sankaran spends a lot of time thinking about what the "Internet of things" means — and where cars fit into that vision
5 Reasons Why Undergrad Entrepreneurship Courses Aren't Producing Entrepreneurs (Forbes) Let's face it: courses in entrepreneurship at the undergraduate university level aren't turning out entrepreneurs. Mark Zuckerberg never took "Entrepreneurship 101" during his Harvard days, and even the young entrepreneurs who aren't billionaires (yet) aren't taking these classes
Legislation, Policy, and Regulation
Mission Creep: When Everything Is Terrorism (The Atlantic) NSA apologists say spying is only used for menaces like "weapons of mass destruction" and "terror." But those terms have been radically redefined
Militarizing the Internet? (The National Interest) Following a recent speech, Chairman of the Joint Chiefs of Staff General Martin Dempsey dismissed concerns about the U.S. militarization of cyberspace. "We have a Navy, but we are not being accused of militarizing the ocean," he said. As the world reflects on and responds to the actions of former National Security Agency contractor Edward Snowden, and as the investigation of possible leaks by former Joint Chiefs vice chairman General James Cartwright unfolds, it is difficult to avoid wondering if General Dempsey's answer is the best the administration can muster. An increasing number of adversaries and even allies are coming to believe that the United States is militarizing cyberspace—and that impression of hubris and irresponsibility is beginning to have a real–world impact
NSA issues weigh on military budget bill (Atlanta Journal Constitution) After work was delayed last week on the military's budget plan for 2014, the bill is back on the schedule this week in the U.S. House, as lawmakers in both parties try to fashion new limits on surveillance by the National Security Agency
Mood shifting, Congress may move to limit NSA spying (Miami Herald) Congress is growing increasingly wary of controversial National Security Agency domestic surveillance programs, a concern likely to erupt during legislative debate—and perhaps prod legislative action—as early as next week
NSA growth fueled by need to target terrorists (Washington Post) Twelve years later, the cranes and earthmovers around the National Security Agency are still at work, tearing up pavement and uprooting trees to make room for a larger workforce and more powerful computers. Already bigger than the Pentagon in square
Alexander: Terrorists Benefit from Snowden's Actions (Department of Defense) Army Gen. Keith B. Alexander, also commander of U.S. Cyber Command, spoke yesterday with Pete Williams, chief justice correspondent for NBC News, at the annual Aspen Institute Security Forum in Colorado. "We have concrete proof that
Obama attorney: NSA programs are legal (USA TODAY) For its latest defense of National Security Agency surveillance programs, the Obama administration brought in one of its key lawyers. Robert S. Litt, general counsel for the director of national intelligence, said in a Friday speech at the Brookings
NSA director: Snowden leaks 'make our job tougher' (Fox News) Part of his job as a contractor Booz Allen Hamilton was to move data between networks to facilitate the post 9/11 intelligence sharing requirements. A snow asylum request the State Department tried to play down reports secretary of state John Kerry
Edward Snowden, Congress and the Summer of Outrage (Threatpost) Maybe it's the heat. Or maybe it's them wanting to get it all out of their systems before the August recess. But whatever the case, there are some genuinely angry politicians in Washington right now, trying to figure who they should yell at next for making them deal with the fallout from the leaks perpetrated by Edward Snowden
NSA Puts Limits on Systems Staff in Wake of Snowden Leaks (Bloomberg) The U.S. National Security Agency is imposing new restrictions on systems administrators and other personnel following "irreversible damage" caused by fugitive former contractor Edward Snowden, the NSA director said
Australian Pine Gap spy base contributes to NSA program codenamed X-Keyscore (Cyberwarzone) Central Australia's Pine Gap spy base played a key role in the United States' controversial drone strikes involving the ''targeted killing'' of al-Qaeda and Taliban chiefs, Fairfax Media can reveal
Germany a 'prolific partner' in NSA spy program, magazine reports (Fox News) German Chancellor Angela Merkel vehemently denied the country is a "surveillance state" after a magazine reported her government used a top U.S. National Security Agency spy program. The German magazine Der Spiegel reported Saturday on Germany's
European Parliament Wants Snowden, NSA Chief to Testify on Spying (Slate) The European Parliament is gearing up to launch an investigation into the recently revealed NSA surveillance programs—and lawmakers are drawing up an interesting list of witnesses who they want to invite to interview about the snooping
Snowden may hurt US plans to face China over cyber attack (The Standard Digital News) Edward Snowden, a 30-year-old former Central Intelligence Agency employee, had been talking to the wrong people. Snowden, who had served as an 'infrastructure analyst' with Booz Allen Hamilton, a contractor for the US National Security Agency, had
Jimmy Carter: US "has no functioning democracy" (Salon) Former U.S. president Jimmy Carter is so concerned about the NSA spying scandal that he thinks it has essentially resulted in a suspension of American democracy
Pentagon set to deploy new cyber-warrior corps (Globe and Mail) Future operations run by Cyber Command, Carter suggested, would be focused on the teams. "The teams are new, and they are in addition to the NSA workforce," he said. While they may ultimately be modeled on Special Operations, which provide fighting
Coast Guard cyber unit fights for secure network (Navy Times) Coast Guard Cyber Command stands up officially Aug. 2 in Alexandria, Va., but it's been slowly expanding its mission over the past four years
DHS Scales Back Cybersecurity Programs for Critical Infrastructure (Wall Street Journal) At a time when cyber threats to critical infrastructure are mounting, budget cuts are forcing the Department of Homeland Security to scale back training and information sharing activities. Since March, the government has cancelled two conferences – including one in August — and three training sessions, which teach utility companies how to defend against cyber attacks
Interior min: so far Lithuania has not encounters real cyber attacks (The Baltic Course) According to Lithuania's Minister of the Interior Dailis Alfonsas Barakauskas, Lithuania has not encountered real cyber attack so far, yet every measure will be taken so not only Lithuania but also all the European Union (EU) would be prepared for them
Eavesdropping agency helped shape torture directive: RCMP memo (Hamilton Spectator) Canada's highly secretive electronic eavesdropping agency helped develop a federal directive that lets government agencies use and share information that was likely extracted through torture, a newly obtained document says. Communications Security Establishment Canada, known as CSEC, and its parent department, National Defence, were among several federal agencies that contributed to the information-sharing policy, says an RCMP memo disclosed to The Canadian Press under the Access to Information Act
Litigation, Investigation, and Law Enforcement
The Tipping Point in the War on Leaks (The Atlantic Wire) The United States government has faced criticism for its aggressive war against classified information leaks from within its normally well-secured walls. But there was a tipping point, just after Obama took office, when the administration decided something must be done about leaks
The Secret Service Agent Who Collared Cybercrooks by Selling Them Fake IDs (Wired) The government calls it "Operation Open Market," a four-year investigation resulting, so far, in four federal grand jury indictments against 55 defendants in 10 countries, facing a cumulative millennium of prison time. What many of the alleged
When the feds come knocking: The tale of a Utah ISP, a secret court order, and a little black box (ZDNet) When the NSA secures a secret FISA court warrant to tap into a customer's data, what can the ISP do? Not much, one ISP owner said, who came forward to tell his story
What Happens When We Actually Catch Edward Snowden? (Cyberwarzone) The United States is pressing hard to get hold of National Security Agency leaker Edward Snowden. But if and when Snowden is apprehended, what then? This question deserves attention, too, because the denouement to this drama may be unpleasant not just for Snowden, but for his captors as well
Snowden affair highlights gap between media and public (Miami Herald) The national survey of U.S. voters by Quinnipiac University found that by a huge margin—55 to 34 percent — respondents considered Snowden, the former National Security Agency contract employee, to be a whistleblower, not a traitor. In what the
(Another) Open Letter to Edward Snowden (Huffington Post) A couple of weeks ago, Melissa Harris-Perry at MSNBC posted a letter to Edward Snowden. Some believe that the letter was a bit sarcastic. Let me try a different approach
Verizon's secret data order timed to expire, but NSA spying to carry on (ZDNet) The secret order that authorized snooping on millions of Americans was set to expire. But was it not inevitable that the order would be renewed before it ran out, just as it was before
State Department IG highly critical of IT sub-bureau (FCW) The State Department's Bureau of Information Resource Management, Office of Information Assurance (IRM/IA) has none of those things, according to a State Department's Office of Inspector General audit released in July, and further lacks controls and
NSA surveillance program extended by court, intelligence officials say (Washington Post) A secret court on Friday extended the National Security Agency's authority to collect and store the phone records of tens of millions of American cellphone customers, the top U.S. intelligence official confirmed. The decision by the U.S. Foreign
Facebook Signs Letter Seeking More Transparency From Federal Government On National Security Data Requests (All Facebook) Facebook was among the more than 60 companies, investors, civil-liberties groups, and trade groups to sign a letter to top federal government officials requesting the ability to disclose more information about data requests related to national security, Time reported, as fallout from the National Security Agency's Prism initiative continues
New Jersey rules police must get search warrant for mobile tracking data (VentureBeat) New Jersey law enforcement will no longer be able to simply request cell phone tracking information in an investigation. In 30 days, the state will require a search warrant first be obtained before tracking data is handed over
Snowden: A Man Without a Country (Huffington Post) Without question, the Department of Homeland Security and its myriad sub-agencies are engaging in aggressive intelligence gathering that would have been unthinkable before 9/11, but we are now in a new kind of war unlike any we have fought before
Snowden's Access to NSA's Deepest Secrets Disputed (Bloomberg) The National Security Agency's new operations center on the Hawaiian island of Oahu sits on a high plateau between two volcanoes, 40 minutes from Waikiki Beach. The $358 million compound, which opened in 2012, supplements the electronics-stuffed underground bunker nearby that was the NSA's first Hawaiian location. The facility is the primary U.S. outpost for spying on China and the rest of Asia—and was the workplace of ex-NSA contractor Edward Snowden
For a complete running list of events, please visit the Event Tracker.
SNW Fall 2013 (Long Beach, California, USA, Oct 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and co-owned by Computerworld and the Storage Networking Industry Association (SNIA) -- SNW remains unbiased and vendor agnostic. Unlike events focused on a specific vendor agenda and product portfolio, SNW provides a forum of open thought leadership and practical education that defines the spectrum of storage, data and infrastructure solutions available to a highly qualified audience of enterprise technology decision-makers.
2nd Annual East Africa IT and Cyber Security Convention 2013 (Nairobi, Kenya, Nov 28 - 29, 2013) The 2nd Annual East Africa IT and Cyber Security Convention 2013 will bring together leading Cyber and IT Security experts who will provide key insights into critical cybersecurity issues surrounding cyber networks, mobile, and IT infrastructures. Enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure is a challenge that must be met, attend the East Africa Cyber Security and IT Security Convention 2013 that will equip you with a comprehensive range of clarifications and solutions.
SINET Showcase: THE SINET 16 (Washington, DC, USA, Dec 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present in front of 350 sophisticated investors, buyers and researchers from the commercial and government markets. If a company is selected as one of the SINET 16, it will not only be recognized at the event, but receive access to prospective investors and customers as well. Please note that the deadline to apply for the SINET 16 is August 15th.
2013 World Comp (Las Vegas, Nevada, USA, Jul 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.
EAGB Summer Quarterly Webinar (Webinar, Jul 24, 2013) Join us Wednesday, July 24 from 10:00-11:00 AM as Patrick Dougherty discusses the EAGB's two newest reports: the Summer 2013 Quarterly Regional Economic Update and Cyber Security in Greater Baltimore: State of the Market Report. The EAGB is pleased to welcome special guest Karl Gumtow, Co-Founder and CEO of CyberPoint International, to discuss trends in the Cyber Security market and the future of the industry.
Black Hat 2013 (Las Vegas, Nevada, USA, Jul 27 - Aug 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.
AFCEA Global Intelligence Forum (Washington, DC, USA, Jul 30 - 31, 2013) During this day-and-a-half unclassified conference at the National Press Club in downtown Washington, D.C., leaders from across the government, military, and industry will explore the role that the Intelligence Community can play in helping to ensure free and secure cyberspace operations -- from setting requirements, to collecting and analyzing data, to delivering insights and recommendations. In the end, the discourse will look at where industry can partner with the government to provide cyber situational awareness, indications, and warning. Eugene Kaspersky will deliver the keynote. As of July 17, twenty-five seats remain available.
International Conference on Cyber Security (New York, New York, USA, Aug 5 - 8, 2013) The Federal Bureau of Investigation and Fordham University will host the fourth International Conference on Cyber Security (ICCS 2013) on August 5 - 8, 2013 in New York City. ICCS, the White Hat Summit, is an unparalleled opportunity for global leaders in cyber threat analysis, operations and law enforcement to coordinate their efforts to create a more secure world. With the number of cyber threats escalating worldwide, the need for comprehensive security analysis, assessment, and actions has never been greater. Join those working on the front-lines of secure cyber networks at ICCS for the opportunity to learn useful knowledge and share critical intelligence on issues shaping the future of cyber security.
SINET Innovation Summit (New York, New York, USA, Aug 6, 2013) The purpose of the Innovation Summit is to reinvigorate public-private partnership efforts and increase relationships between industry, government and academia that foster sharing of information and collaboration on mutual Cybersecurity research projects.
3rd Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, Aug 6 - 7, 2013) The Information Systems Security Association (ISSA) - Colorado Springs Chapter and FBC, Inc. will once again host the 3rd Annual Cyber Security Training Forum (CSTF). Formerly known as the Cyber Security Training Conference, CSTF is set to convene from Tuesday, August 6, 2013 to Wednesday, August 7, 2013 at the DoubleTree by Hilton, Colorado Springs, Colorado. CSTF 2013 will bring together cyber experts from the DoD, federal government, business, research, and academia to address: the latest DoD and government cyber policies, remediation strategies and best practices, the growing impact, and evolution, of cyber threats and how to continue to protect and defend the Global Information Grid (GIG), mobility strategies, cloud & virtualization advancements, and emerging technologies. This will be accomplished through a number of in-depth cyber sessions, hands-on live demonstrations, the yearly cyber challenge and government and industry exhibits. Don't miss this educational, and cost effective, cyber event in Colorado Springs, CO.
AFCEA Tinker AFB Information Technology & Cyber Security Expo (Oklahoma City, Oklahoma, USA, Aug 8, 2013) Commercial vendors are invited to Tinker Air Force Base on Thursday, August 8th to exchange information and provide product demonstrations to the military and civilian personnel on base. IT and Information Assurance professionals from Tinker AFB are looking forward to learning about the latest cyber security trends and best practices, networking with peers, and sharing remediation strategies.
AIAA Aviation 2013 (Los Angeles, California, USA, Aug 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics, the conference will address the risk of the evolving cyber threats to the world's $2.2 trillion commercial aviation enterprise.
A Cloud Computing Introduction for Manager (Columbia, Maryland, Sioux Falls, Aug 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and non-cloud alternatives to accomplish their projects. This talk provides a brief and basic introduction to cloud computing, what managers need to know about cloud computing, what are some of the myths, and what they need to ask about cloud computing from service providers. The presentation will include selected questions specific to managers associated with government projects and security risks of cloud computing. This non-technical presentation will help managers understand cloud basics and how to ask better questions when a cloud becomes part of your project. Dr. Patrick Allen of Johns Hopkins University Applied Physics Lab will be the presenter.
Resilience Week 2013 (San Francisco, California, USA, Aug 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical infrastructures from unexpected and malicious threats - securing our way of life. Four different symposia will be offered: Resilient Control Systems, Resilient Cyber Systems, Resilient Cognitive Systems, and Resilient Communication Systems. Keynotes will be provided by numerous leading subject matter experts - from agencies including: NSA, DARPA, Sandia National Laboratory, and Office of the Assistant Secretary of Defense for Research and Engineering.
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, Aug 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers, Information Technology personnel, and Contracting Officers, as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
National SCADA Conference (Melbourne, Victoria, Australia, Aug 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate and find solutions for the increasing demands of the SCADA environment. The theme for 2013 will be delivering intelligence and improved performance to SCADA networks. The SCADA conference program will deliver fantastic first-hand knowledge from leading international and local SCADA experts with a great mix of burning SCADA issues, case studies, security and real world implementations together with practical advice. The networking opportunities provided, coupled with the largest SCADA exhibition in the Southern Hemisphere, ensure the National SCADA Conference is a must-attend event for Australia's and New Zealand's SCADA Community.
First International Conference on Cyber-Physical Systems, Networks, and Application (Taipei, Taiwan, Aug 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications built upon predictable, analyzable, and certifiable models and abstractions. CPSNA 2013 will serve as a forum to discuss new ideas for such core challenges of cyber-physical systems.
SANS Thailand 2013 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.